Inconsistent quest locking fix needed on server-side code
CuriousMagpie opened this issue · comments
Description
Per the comment in PR #13734:
The fix to prevent users from purchasing locked quest items has been implemented in the client side only.
Users have begun reporting that they can no longer purchase quests in the final Masterclasser quest chain due to the fact that we added a client-side check to ensure that they have completed all prerequisites. This is the intended and correct behavior: users need to complete all 12 prerequisite quests before they can purchase the first quest in the final Masterclasser quest chain.
In website/common/script/content/quests/series.js
we implemented a new key: prereqQuests
which lists all the required quests for each quest chain. We also updated the logic in website/common/script/libs/getItemInfo.js
to check all quests for prereqQuests
and level or specific unlock conditions instead of having one generic check plus a couple for specific quest lines. And the client-side check happens in website/client/src/components/shops/quests/index.vue
on line 564.
preReqQuests
does appear in the API for each quest which has them.
So the issue here is that if a client attempts to purchase a locked quest, the API is still able to go ahead with the buy operation and it is this buy operation which needs to have a fix implemented to prevent users for circumventing the client to purchase locked quests. A likely place to start on this would be in website/common/scripts/buy/abstractBuyOperation.js
.
For more information, refer to closed issues #13013 and #13206.
May I take this issue?
@vimiomori Yes, please!
@CuriousMagpie
Hello! I'm just wondering, should I ask someone to review my pull request?